14712b4b8359f75ff22425058919a5983443dc59
max
  Mon Dec 15 13:07:53 2025 -0800
documenting captcha exceptions, no redmine, email from Hiram

diff --git src/product/mirrorManual.txt src/product/mirrorManual.txt
index 3b3701b4ee7..c0943166c9f 100644
--- src/product/mirrorManual.txt
+++ src/product/mirrorManual.txt
@@ -1988,15 +1988,25 @@
 
 # Set up the Cloudflare captcha
 
 Go to Cloudflare.com, make an account, login, go to Application Security >
 Turnstile, click "Add Widget", make sure that you enter your publicly visible
 hostname of your web server. Copy the API site key and secret and put it into
 your cgi-bin/hg.conf file:
 
     # Turns on cloudflare turnstile captcha
     cloudFlareSiteKey=0x4xxxxxxxxxxxxxxx
     cloudFlareSecretKey=0x4xxxxxxxxxxxxx
 
 Not need to restart Apache, at the next access to the browser, a one-click captcha will come up.
 The captcha comes up only a single time, once a unique cookie is set, it will never come up again.
 
+If you do not want to show the captcha for certain user agents:
+
+    noCaptchaAgent.1=^myUserAgent$
+    noCaptchaAgent.2=^AnotherUserAgentRegex
+
+Create as many as you want, they will be checked in order, as long as there is a number after the dot.
+
+If you want to exclude certain IP addresses from the captcha:
+
+    bottleneck.except=129.101.222.32 0a0a:ffff:136:1::20 10.80.10.10